X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fpolicy%2Fcomponents%2Fpolicy-pap%2Fvalues.yaml;h=2c240d23479687adedbda119b00d276ab002f3ff;hb=e4aac7a3c577b7bb9eaae93387d482f952ee4b72;hp=ec177d82c1cc268071c9abb15d718dfd62c8f80b;hpb=777447ccdbabfaf2448e0dc812f0d755c889600e;p=oom.git

diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index ec177d82c1..2c240d2347 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -1,7 +1,7 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
 #   Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
-#   Modifications Copyright (C) 2020 Bell Canada.
+#   Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -38,13 +38,13 @@ secrets:
     passwordPolicy: required
   - uid: restserver-secret
     type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+    externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}'
     login: '{{ .Values.restServer.user }}'
     password: '{{ .Values.restServer.password }}'
     passwordPolicy: required
   - uid: api-secret
     type: basicAuth
-    externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+    externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}'
     login: '{{ .Values.healthCheckRestClient.api.user }}'
     password: '{{ .Values.healthCheckRestClient.api.password }}'
     passwordPolicy: required
@@ -64,6 +64,13 @@ secrets:
     externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
     password: '{{ .Values.certStores.trustStorePassword }}'
     passwordPolicy: required
+  - uid: policy-kafka-user
+    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+    type: genericKV
+    envs:
+      - name: sasl.jaas.config
+        value: '{{ .Values.config.someConfig }}'
+        policy: generate
 
 certStores:
   keyStorePassword: Pol1cy_0nap
@@ -83,9 +90,6 @@ certInitializer:
   uid: 100
   gid: 101
   aaf_add_config: >
-    /opt/app/aaf_config/bin/agent.sh;
-    export $(/opt/app/aaf_config/bin/agent.sh local showpass
-    {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
     echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
     echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
     chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
@@ -95,7 +99,7 @@ certInitializer:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/policy-pap:2.4.2
+image: onap/policy-pap:2.6.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -111,13 +115,13 @@ db:
     internalPort: 3306
 
 restServer:
-  user: healthcheck
+  user: policyadmin
   password: zb!XztG34
 
 healthCheckRestClient:
   api:
-    user: healthcheck
-    password: zb!XztG34
+    user: policyadmin
+    password: none
   distribution:
     user: healthcheck
     password: zb!XztG34
@@ -131,7 +135,7 @@ affinity: {}
 
 # probe configuration parameters
 liveness:
-  initialDelaySeconds: 20
+  initialDelaySeconds: 60
   periodSeconds: 10
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
@@ -139,9 +143,14 @@ liveness:
   port: http-api
 
 readiness:
-  initialDelaySeconds: 20
-  periodSeconds: 10
+  initialDelaySeconds: 10
+  periodSeconds: 120
   port: http-api
+  api: /policy/pap/v1/healthcheck
+  scheme: HTTPS
+  successThreshold: 1
+  failureThreshold: 3
+  timeout: 60
 
 service:
   type: ClusterIP
@@ -173,3 +182,47 @@ resources:
       memory: 2Gi
   unlimited: {}
 
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-pap
+  roles:
+    - read
+
+metrics:
+  serviceMonitor:
+    # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+    # The default operator for prometheus enforces the below label.
+    labels:
+      release: prometheus
+    enabled: true
+    port: http-api
+    interval: 60s
+    isHttps: true
+    basicAuth:
+      enabled: true
+      externalSecretNameSuffix: policy-pap-user-creds
+      externalSecretUserKey: login
+      externalSecretPasswordKey: password
+
+# application configuration
+config:
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: poicy-group
+  app:
+    listener:
+      policyPdpPapTopic: policy-pdp-pap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.